2.11 Using Named Passwords

Identity Manager allows you to store multiple passwords securely for a particular driver. This functionality is referred to as Named Passwords. Each different password is accessed by a key, or name.

You can also use the Named Passwords feature to store other pieces of information securely, such as a user name.

To use a Named Password in a driver policy, you refer to it by the name of the password, instead of using the actual password, and the Metadirectory engine sends the password to the driver. The method described in this section for storing and retrieving Named Passwords can be used with any driver without making changes to the driver shim.

NOTE: The sample configurations provided for the Identity Manager Driver for Lotus Notes include an example of using Named Passwords in this way. The Notes driver shim has also been customized to support other ways of using Named Passwords, and examples of those methods are also included. For more information, see the section on Named Passwords in the Identity Manager Driver Guide for Lotus Notes.

2.11.1 Configuring Named Passwords by Using Designer

  1. Select the driver, then right-click and select Properties.

  2. Select Named Password, then click New.

  3. Specify the Name of the Named Password.

  4. Specify the Display name of the Named Password.

  5. Specify the Named Password, then re-enter the password.

  6. Click OK twice.

2.11.2 Configuring Named Passwords by Using iManager

  1. In iManager, click Identity Manager > Identity Manager Overview.

  2. Search for the driver set, or browse and select a container that holds the driver set. A graphical representation of the driver set appears.

  3. In the Identity Manager Overview screen, click the upper right corner of the driver icon, then click Edit properties.

  4. On the Modify Object page on the Identity Manager tab, click Named Passwords.

    The Named Passwords page appears, listing the current Named Passwords for this driver. If you have not set up any Named Passwords, the list is empty.

  5. To add a Named Password, click Add, complete the fields, and click OK.

  6. Specify a name, display name and a password, then click OK twice.

    Keep in mind that you can use this feature to store other kinds of information securely, such as a username.

  7. When the message Do you want to restart the driver to put your changes in effect? (OK=Yes, Cancel=No) is displayed, click OK.

  8. To remove a Named Password, click Remove. The password is removed without prompting you to confirm the action.

2.11.3 Using Named Passwords in Driver Policies

Using the Policy Builder

Policy Builder allows you to make a call to a Named Password. Create a new rule and select Named Password as the condition. You then set an action that depends on whether the Named Password is available or not available. In the following example, the event is vetoed if the Named Password userinfo is not available.

Figure 2-4 A Policy Using Named Password
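
The rule described above, written out in DirXML Script as an added example; it is not taken from the original figure or from the product's sample configurations. The Named Password name userinfo comes from the text, and the description strings are constructed.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<policy>
  <rule>
    <!-- Constructed description; only the name "userinfo" comes from the page -->
    <description>Veto the event if Named Password userinfo is not available</description>
    <conditions>
      <and>
        <!-- True when no Named Password called "userinfo" is stored on this driver -->
        <if-named-password name="userinfo" op="not-available"/>
      </and>
    </conditions>
    <actions>
      <!-- Stop processing of the current event -->
      <do-veto/>
    </actions>
  </rule>
</policy>
```

Because the condition tests only whether the name exists, the rule never places the stored value in the policy itself.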

Using XSLT

The following example shows how a Named Password can be referenced in a driver policy on the Subscriber channel in XSLT:

<xsl:value-of select="query:getNamedPassword($srcQueryProcessor,'mynamedpassword')"
xmlns:query="http://www.novell.com/nxsl/java/com.novell.nds.dirxml.driver.XdsQueryProcessor"/>

2.11.4 Configuring Named Passwords Using the DirXML Command Line Utility

Creating a Named Password in the DirXML Command Line Utility

  1. Run the DirXML Command Line Utility.

    For information, see Section A.0, DirXML Command Line Utility.

  2. Enter your user name and password.

    The following list of options appears.

    DirXML commands
    
     1: Start driver
     2: Stop driver
     3: Driver operations...
     4: Driver set operations...
     5: Log events operations...
     6: Get DirXML version
     7: Job operations...
    99: Quit
    
    Enter choice:
    
  3. Enter 3 for driver operations.

    A numbered list of drivers appears.

  4. Enter the number for the driver you want to add a Named Password to.

    The following list of options appears.

    Select a driver operation for:
    driver_name
    
     1: Start driver
     2: Stop driver
     3: Get driver state
     4: Get driver start option
     5: Set driver start option
     6: Resync driver
     7: Migrate from application into DirXML
     8: Submit XDS command document to driver
     9: Submit XDS event document to driver
    10: Queue event for driver
    11: Check object password
    12: Initialize new driver object
    13: Passwords operations
    14: Cache operations
    99: Exit
    
    Enter choice:
    
  5. Enter 13 for password operations.

    The following list of options appears.

    Select a password operation
    
     1: Set shim password
     2: Reset shim password
     3: Set Remote Loader password
     4: Clear Remote Loader password
     5: Set named password
     6: Clear named password(s)
     7: List named passwords
     8: Get passwords state
    99: Exit
    
    Enter choice:
    
  6. Enter 5 to set a new Named Password.

    The following prompt appears:

    Enter password name:
    
  7. Enter the name by which you want to refer to the Named Password.

  8. Enter the actual password that you want to secure, at the following prompt that appears:

    Enter password:
    

    The characters you type for the password are not displayed.

  9. Confirm the password by entering it again, at the following prompt that appears:

    Confirm password:
    
  10. After you enter and confirm the password, you are returned to the password operations menu.

After completing this procedure, you can use the 99 option twice to exit the menu and quit the DirXML Command Line Utility.

Removing a Named Password in the DirXML Command Line Utility

This option is useful if you no longer need Named Passwords you previously created.

  1. Run the DirXML Command Line Utility.

    For information, see Section A.0, DirXML Command Line Utility.

  2. Enter your user name and password.

    The following list of options appears.

    DirXML commands
    
     1: Start driver
     2: Stop driver
     3: Driver operations...
     4: Driver set operations...
     5: Log events operations...
     6: Get DirXML version
     7: Job operations...
    99: Quit
    
    Enter choice:
    
  3. Enter 3 for driver operations.

    A numbered list of drivers appears.

  4. Enter the number for the driver you want to remove Named Passwords from.

    The following list of options appears.

    Select a driver operation for:
    driver_name
    
     1: Start driver
     2: Stop driver
     3: Get driver state
     4: Get driver start option
     5: Set driver start option
     6: Resync driver
     7: Migrate from application into DirXML
     8: Submit XDS command document to driver
     9: Submit XDS event document to driver
    10: Queue event for driver
    11: Check object password
    12: Initialize new driver object
    13: Passwords operations
    14: Cache operations
    99: Exit
    
    Enter choice:
    
  5. Enter 13 for password operations.

    The following list of options appears.

    Select a password operation
    
     1: Set shim password
     2: Reset shim password
     3: Set Remote Loader password
     4: Clear Remote Loader password
     5: Set named password
     6: Clear named password(s)
     7: List named passwords
     8: Get passwords state
    99: Exit
    
    Enter choice:
    
  6. (Optional) Enter 7 to see the list of existing Named Passwords.

    The list of existing Named Passwords is displayed.

    This step can help you make sure you are removing the correct password.

  7. Enter 6 to remove one or more Named Passwords.

  8. Enter No to remove a single Named Password, at the following prompt that appears:

    Do you want to clear all named passwords? (yes/no):
    
  9. Enter the name of the Named Password you want to remove, at the following prompt that appears:

    Enter password name:
    

    After you enter the name of the Named Password you want to remove, you are returned to the password operations menu:

    Select a password operation
    
     1: Set shim password
     2: Reset shim password
     3: Set Remote Loader password
     4: Clear Remote Loader password
     5: Set named password
     6: Clear named password(s)
     7: List named passwords
     8: Get passwords state
    99: Exit
    
    Enter choice:
    
  10. (Optional) Enter 7 to see the list of existing Named Passwords.

    The list of existing Named Passwords is displayed.

    This step lets you verify that you have removed the correct password.

After completing this procedure, you can use the 99 option twice to exit the menu and quit the DirXML Command Line Utility.